GNOME GLib
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*
- >= 2.75.3, <= 2.84.3
An integer overflow vulnerability has been identified in the GLib library, specifically in the GString management function g_string_maybe_expand(). The flaw occurs when additional data is appended to a very large string: the internal size calculation overflows and incorrectly estimates the available memory. As a result, data may be written beyond the allocated memory bounds, leading to memory corruption or application crashes. This vulnerability affects GLib versions from 2.75.3 and prior to 2.84.3.
Exploitation of this vulnerability can cause memory corruption or application crashes.
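The size-check failure described above, as an added example that is not GLib's source code: a model of a growable-string header showing how an unchecked length addition wraps around and reports that the data fits, next to a checked form that rejects the request. The struct and function names are hypothetical, and no memory is allocated or written.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a growable string header (not GLib's GString). */
struct buf_hdr {
    size_t len;            /* bytes in use, excluding the terminator */
    size_t allocated_len;  /* bytes currently allocated */
};

/* Unchecked test: len + extra is computed modulo SIZE_MAX + 1, so for a very
 * large string the sum wraps to a small value and no growth is requested. */
bool needs_grow_unchecked(const struct buf_hdr *b, size_t extra)
{
    return b->len + extra >= b->allocated_len;
}

/* Checked test: -1 if len + extra + 1 (terminator) is not representable,
 * 1 if the buffer must grow, 0 if the data already fits. */
int needs_grow_checked(const struct buf_hdr *b, size_t extra)
{
    if (b->len >= SIZE_MAX || extra > SIZE_MAX - 1 - b->len)
        return -1;                       /* refuse instead of wrapping */
    return (b->len + extra + 1 > b->allocated_len) ? 1 : 0;
}

int main(void)
{
    /* Constructed values: header fields only, chosen to force the wrap. */
    struct buf_hdr huge = { SIZE_MAX - 8, SIZE_MAX - 4 };
    size_t extra = 16;

    printf("unchecked says grow: %d\n", needs_grow_unchecked(&huge, extra));
    printf("checked result:      %d\n", needs_grow_checked(&huge, extra));
    return 0;
}
```

A caller that trusts the unchecked result would copy 16 bytes into a buffer with 4 bytes of slack, which is the out-of-bounds write the description refers to; the checked form fails the append before any copy happens.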